LUSID’s role-based access management system is designed to give you precise control over who can do what in your LUSID domain. It consists of two separate but interrelated systems:
- The identity management system controls how users authenticate (that is, sign in) to LUSID
- The access control system controls which LUSID datasets and features users are permitted to access once authenticated.
The best place to start is with our white paper explaining how these systems work together.
Then, if you’re new to the subject, try working through our tutorials.
Explanation: Understand the big picture
Tutorials: Get started by doing something tangible
- Onboarding users into LUSID
- Setting up basic access control for different users
- Authorising an application or service to call the LUSID API
- Controlling access to properties (coming soon)
- Troubleshooting a failed access request
Reference: Understand concepts and implications
How-to guides: Get something done
- How do I set up a personal user account?
- How do I set up MFA?
- How do I reset my password if I've forgotten it?
- How do I change passwords or MFA settings, or revoke access?
- How do I use SSO in conjunction with LUSID?
- How do I set up a service user account?
- How do I generate and reveal a client secret?
- How do I obtain and use a short-lived API access token from Okta?
- How do I create or revoke a long-lived personal access token?
- How do I decode an API access token? (coming soon)
- How do I use an API access token with the SDKs?
- How do I create a role?
- How do I create a feature policy?
- How do I determine the API endpoint I need for a feature policy?
- How do I create a data policy?
- How do I create a data policy to control access to properties?
- How do I create a policy collection?